From 6a7704d3d1bc490d090364d1c35fbdce9cfab4ce Mon Sep 17 00:00:00 2001
From: William Storey <wstorey@maxmind.com>
Date: Wed, 19 Jun 2024 20:20:14 +0000
Subject: [PATCH 1/3] Do not run CodeQL on push

---
 .github/workflows/codeql-analysis.yml | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 1adb847..e9428b0 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -1,9 +1,6 @@
 name: "Code scanning - action"
 
 on:
-  push:
-    branches-ignore:
-      - 'dependabot/**'
   pull_request:
   schedule:
     - cron: '0 11 * * 2'

From 49311022a9cbff0f8224d84280abeba35a3a601b Mon Sep 17 00:00:00 2001
From: William Storey <wstorey@maxmind.com>
Date: Wed, 19 Jun 2024 20:20:35 +0000
Subject: [PATCH 2/3] Test on Go 1.22

---
 .github/workflows/go.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml
index f5f09b0..ac37853 100644
--- a/.github/workflows/go.yml
+++ b/.github/workflows/go.yml
@@ -11,7 +11,7 @@ jobs:
   build:
     strategy:
       matrix:
-        go-version: [1.20.x, 1.21.x]
+        go-version: [1.21.x, 1.22.x]
         # We don't test on macOS and windows as the database builds aren't
         # repeatable there for some reason. As such, tests fail. It'd
         # probably be worth looking into this at some point.

From 3a7ed9faeeae14ab31b079345b775a1dbd3f71aa Mon Sep 17 00:00:00 2001
From: William Storey <wstorey@maxmind.com>
Date: Wed, 19 Jun 2024 21:16:04 +0000
Subject: [PATCH 3/3] Add permission for scheduled CodeQL run

---
 .github/workflows/codeql-analysis.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index e9428b0..95a7a43 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -5,6 +5,9 @@ on:
   schedule:
     - cron: '0 11 * * 2'
 
+permissions:
+  security-events: write # Used by this action.
+
 jobs:
   CodeQL-Build: